http://bugzilla.opensuse.org/show_bug.cgi?id=1075745 Bug ID: 1075745 Summary: VUL-1: CVE-2018-5345 gcab: Extracting malformed .cab files causes stack smashing potentially leading to arbitrary code exectuion Classification: openSUSE Product: openSUSE Distribution Version: Leap 15.0 Hardware: Other URL: https://smash.suse.de/issue/198095/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Maintenance Assignee: dimstar@opensuse.org Reporter: vpereira@microfocus.com QA Contact: security-team@suse.de Found By: Security Response Team Blocker: --- rh#1527296 A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file. References: https://bugzilla.redhat.com/show_bug.cgi?id=1527296 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5345 http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-5345.html http://www.cvedetails.com/cve/CVE-2018-5345/ -- You are receiving this mail because: You are on the CC list for the bug.